Skip to content

Commit

Permalink
Realize the suggestions as part of PR #672
Browse files Browse the repository at this point in the history
Signed-off-by: Kamil Aronowski <[email protected]>
  • Loading branch information
aronowski committed Aug 5, 2024
1 parent fc52977 commit 33789c0
Showing 1 changed file with 5 additions and 8 deletions.
13 changes: 5 additions & 8 deletions SBAT.md
Original file line number Diff line number Diff line change
Expand Up @@ -214,8 +214,7 @@ product. Setting a product-specific generation number for such an event
eliminates the need for other vendors to have to re-release the binaries for
their products with an incremented global number.

The current consensus is for both generation numbers to only ever go up and not
be reset.
Both generation numbers should only ever go up; they should never be reset.

#### Example: a vendor forking a global project

Expand All @@ -242,15 +241,13 @@ grub,4,Free Software Foundation,[...]
grub.vendorc,1,Vendor C,[...]
```

In the perfect scenario, to provide the perfect security, the UEFI SBAT
revocation variable (named *SbatLevel*) would then be set, so that GRUB with a
global generation number of only 4 or higher would be able to be booted. (In
reality there's naturally going to be a certain grace period)
After this, the UEFI SBAT revocation variable (named *SbatLevel*) would be
updated to raise the mandatory minimal global generation number for GRUB to 4.

However, Vendor C mis-merges the patches into one of their products and does
not become aware of the fact that this mis-merge created an additional
vulnerability until after they have published a signed binary in that vulnerable
state. Vendor C's GRUB binary can now be used to compromise everyone's systems.
state. Vendor C's GRUB binary can now be abused to compromise their systems.

To remedy this, Vendor C will release a security-fixed binary with the same
global generation number and an updated product-specific generation number (set
Expand Down Expand Up @@ -281,7 +278,7 @@ grub,5,Free Software Foundation,[...]
grub.vendorc,2,Vendor C,[...]
```

The goal is generally to limit end customer impact with as few
The goal is generally to limit end user impact with as few
re-releases as possible, while not creating an unnecessarily large UEFI
revocation variable payload.

Expand Down

0 comments on commit 33789c0

Please sign in to comment.